Trojan and/or adware on my system which i can't remove

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi,
My system has developed a prolem. Unwanted ads keep popping up for all
sorts of trash, even when i'm not online. After i've closed the ads they
occasionally leave icons on my desktop. Also my desktop went blue with a
security warning in the middle about trojans & spyware on the system telling
me to install a program called security iguard (which i didn't). I've
managed to get rid of this (although i still can't get it to change from
blue) but now a flashing icon appears on the desktop toolbar with messages
about how my system is infected and telling me to install one security
program or another.

I'm on XP professional and when this started i only had the windows standard
firewall and McAfee Virus scan. I've now upgraded to the full McAfee
Internet Security package incl firewall. I've run both adaware and spybot,
both in safe mode and normal mode, and i've turned off system restore while i
was doing all those things. The new Mcafee package picked up a trojan and
deleted it but after all of the above the problem still persists.

Any advice please?
11 answers Last reply
More about trojan adware system remove
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    BrundleFly wrote:

    > Hi,
    > My system has developed a prolem. Unwanted ads keep popping up for
    > all
    > sorts of trash, even when i'm not online. After i've closed the ads
    > they
    > occasionally leave icons on my desktop. Also my desktop went blue
    > with a security warning in the middle about trojans & spyware on the
    > system telling
    > me to install a program called security iguard (which i didn't). I've
    > managed to get rid of this (although i still can't get it to change
    > from blue) but now a flashing icon appears on the desktop toolbar with
    > messages about how my system is infected and telling me to install one
    > security program or another.
    >
    > I'm on XP professional and when this started i only had the windows
    > standard
    > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > Internet Security package incl firewall. I've run both adaware and
    > spybot, both in safe mode and normal mode, and i've turned off system
    > restore while i
    > was doing all those things. The new Mcafee package picked up a trojan
    > and deleted it but after all of the above the problem still persists.
    >
    > Any advice please?

    If you are still getting popups, then your system is still infected.
    Since you've already run Ad-aware and Spybot (presumably the latest
    versions with updated definitions) in Safe Mode, move on to HijackThis
    and post your log at one of the HijackThis forums (not here, please).
    Here is information about HijackThis:

    http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    Eshelman
    http://aumha.net - forums
    http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    forum
    http://www.wilderssecurity.com/
    http://forums.tomcoyote.org/
    http://www.spywareinfo.com/forums/

    Malke
    --
    MS-MVP Windows User/Shell
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic"
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanks Malke,
    I'll try that. When you say my system is still infected, does it sound like
    it is a trojan or just adware? If it's a trojan, what can this do to my
    system and its security? presumably it's not safe to do things like internet
    banking etc?

    Thanks again buddy!


    "Malke" wrote:

    > BrundleFly wrote:
    >
    > > Hi,
    > > My system has developed a prolem. Unwanted ads keep popping up for
    > > all
    > > sorts of trash, even when i'm not online. After i've closed the ads
    > > they
    > > occasionally leave icons on my desktop. Also my desktop went blue
    > > with a security warning in the middle about trojans & spyware on the
    > > system telling
    > > me to install a program called security iguard (which i didn't). I've
    > > managed to get rid of this (although i still can't get it to change
    > > from blue) but now a flashing icon appears on the desktop toolbar with
    > > messages about how my system is infected and telling me to install one
    > > security program or another.
    > >
    > > I'm on XP professional and when this started i only had the windows
    > > standard
    > > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > > Internet Security package incl firewall. I've run both adaware and
    > > spybot, both in safe mode and normal mode, and i've turned off system
    > > restore while i
    > > was doing all those things. The new Mcafee package picked up a trojan
    > > and deleted it but after all of the above the problem still persists.
    > >
    > > Any advice please?
    >
    > If you are still getting popups, then your system is still infected.
    > Since you've already run Ad-aware and Spybot (presumably the latest
    > versions with updated definitions) in Safe Mode, move on to HijackThis
    > and post your log at one of the HijackThis forums (not here, please).
    > Here is information about HijackThis:
    >
    > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    > Eshelman
    > http://aumha.net - forums
    > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    > forum
    > http://www.wilderssecurity.com/
    > http://forums.tomcoyote.org/
    > http://www.spywareinfo.com/forums/
    >
    > Malke
    > --
    > MS-MVP Windows User/Shell
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic"
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi

    Was interested in your problem and in particular whether you found a
    solution - I too have had something 'infect' my system (running on Windows
    XP) which has taken over by desktop - first of all it went blue and now it
    changes colour occasionally!! - did you find a solution and, if so, what was
    it ?

    Thanks

    "BrundleFly" wrote:

    > Hi,
    > My system has developed a prolem. Unwanted ads keep popping up for all
    > sorts of trash, even when i'm not online. After i've closed the ads they
    > occasionally leave icons on my desktop. Also my desktop went blue with a
    > security warning in the middle about trojans & spyware on the system telling
    > me to install a program called security iguard (which i didn't). I've
    > managed to get rid of this (although i still can't get it to change from
    > blue) but now a flashing icon appears on the desktop toolbar with messages
    > about how my system is infected and telling me to install one security
    > program or another.
    >
    > I'm on XP professional and when this started i only had the windows standard
    > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > Internet Security package incl firewall. I've run both adaware and spybot,
    > both in safe mode and normal mode, and i've turned off system restore while i
    > was doing all those things. The new Mcafee package picked up a trojan and
    > deleted it but after all of the above the problem still persists.
    >
    > Any advice please?
    >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi,
    If you haven't already, run ad-aware & spybot. if they still don't work, as
    they didn't for me, see Malke's reponse above. I haven't tried it yet
    because he only posted it a few minutes ago. I'll be trying it when i get
    home so i'll let you know tomorrow if it's successful. If it's not, i think
    i'm just going to format the hard disk which you could also do if you're
    prepared to back-up or lose everything on there for the peace of mind of a
    clean system.

    Are you getting ad pop-ups coming up aswell by the way? Let me know if you
    find a way to fix the problem as it's driving me crazy now!

    Good luck!

    "DazandBella" wrote:

    > Hi
    >
    > Was interested in your problem and in particular whether you found a
    > solution - I too have had something 'infect' my system (running on Windows
    > XP) which has taken over by desktop - first of all it went blue and now it
    > changes colour occasionally!! - did you find a solution and, if so, what was
    > it ?
    >
    > Thanks
    >
    > "BrundleFly" wrote:
    >
    > > Hi,
    > > My system has developed a prolem. Unwanted ads keep popping up for all
    > > sorts of trash, even when i'm not online. After i've closed the ads they
    > > occasionally leave icons on my desktop. Also my desktop went blue with a
    > > security warning in the middle about trojans & spyware on the system telling
    > > me to install a program called security iguard (which i didn't). I've
    > > managed to get rid of this (although i still can't get it to change from
    > > blue) but now a flashing icon appears on the desktop toolbar with messages
    > > about how my system is infected and telling me to install one security
    > > program or another.
    > >
    > > I'm on XP professional and when this started i only had the windows standard
    > > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > > Internet Security package incl firewall. I've run both adaware and spybot,
    > > both in safe mode and normal mode, and i've turned off system restore while i
    > > was doing all those things. The new Mcafee package picked up a trojan and
    > > deleted it but after all of the above the problem still persists.
    > >
    > > Any advice please?
    > >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi

    Yes I've run Spybot and Adaware (many times) - to be honest the pop up boxes
    aren't too bad (ie not that may) - its the fact that the desktop has been
    taken over and my own desktop picture has been shoved out of the way. Let me
    know how you get on with your solution and I'll have a look at HijackThis
    also.

    Cheers

    Daz

    "BrundleFly" wrote:

    > Hi,
    > If you haven't already, run ad-aware & spybot. if they still don't work, as
    > they didn't for me, see Malke's reponse above. I haven't tried it yet
    > because he only posted it a few minutes ago. I'll be trying it when i get
    > home so i'll let you know tomorrow if it's successful. If it's not, i think
    > i'm just going to format the hard disk which you could also do if you're
    > prepared to back-up or lose everything on there for the peace of mind of a
    > clean system.
    >
    > Are you getting ad pop-ups coming up aswell by the way? Let me know if you
    > find a way to fix the problem as it's driving me crazy now!
    >
    > Good luck!
    >
    > "DazandBella" wrote:
    >
    > > Hi
    > >
    > > Was interested in your problem and in particular whether you found a
    > > solution - I too have had something 'infect' my system (running on Windows
    > > XP) which has taken over by desktop - first of all it went blue and now it
    > > changes colour occasionally!! - did you find a solution and, if so, what was
    > > it ?
    > >
    > > Thanks
    > >
    > > "BrundleFly" wrote:
    > >
    > > > Hi,
    > > > My system has developed a prolem. Unwanted ads keep popping up for all
    > > > sorts of trash, even when i'm not online. After i've closed the ads they
    > > > occasionally leave icons on my desktop. Also my desktop went blue with a
    > > > security warning in the middle about trojans & spyware on the system telling
    > > > me to install a program called security iguard (which i didn't). I've
    > > > managed to get rid of this (although i still can't get it to change from
    > > > blue) but now a flashing icon appears on the desktop toolbar with messages
    > > > about how my system is infected and telling me to install one security
    > > > program or another.
    > > >
    > > > I'm on XP professional and when this started i only had the windows standard
    > > > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > > > Internet Security package incl firewall. I've run both adaware and spybot,
    > > > both in safe mode and normal mode, and i've turned off system restore while i
    > > > was doing all those things. The new Mcafee package picked up a trojan and
    > > > deleted it but after all of the above the problem still persists.
    > > >
    > > > Any advice please?
    > > >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "BrundleFly" <BrundleFly@discussions.microsoft.com>

    | Hi,
    | My system has developed a prolem. Unwanted ads keep popping up for all
    | sorts of trash, even when i'm not online. After i've closed the ads they
    | occasionally leave icons on my desktop. Also my desktop went blue with a
    | security warning in the middle about trojans & spyware on the system telling
    | me to install a program called security iguard (which i didn't). I've
    | managed to get rid of this (although i still can't get it to change from
    | blue) but now a flashing icon appears on the desktop toolbar with messages
    | about how my system is infected and telling me to install one security
    | program or another.
    |
    | I'm on XP professional and when this started i only had the windows standard
    | firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    | Internet Security package incl firewall. I've run both adaware and spybot,
    | both in safe mode and normal mode, and i've turned off system restore while i
    | was doing all those things. The new Mcafee package picked up a trojan and
    | deleted it but after all of the above the problem still persists.
    |
    | Any advice please?

    What are versions of Ad-aware and SpyBot S&D ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Dave,
    I'm not sure as it is on my computer at home and i'm at work, i'll check
    later and get back to you.

    But i only downloaded them a couple of days ago and i updated them yesterday
    aswell so should be the latest versions.

    "David H. Lipman" wrote:

    > From: "BrundleFly" <BrundleFly@discussions.microsoft.com>
    >
    > | Hi,
    > | My system has developed a prolem. Unwanted ads keep popping up for all
    > | sorts of trash, even when i'm not online. After i've closed the ads they
    > | occasionally leave icons on my desktop. Also my desktop went blue with a
    > | security warning in the middle about trojans & spyware on the system telling
    > | me to install a program called security iguard (which i didn't). I've
    > | managed to get rid of this (although i still can't get it to change from
    > | blue) but now a flashing icon appears on the desktop toolbar with messages
    > | about how my system is infected and telling me to install one security
    > | program or another.
    > |
    > | I'm on XP professional and when this started i only had the windows standard
    > | firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > | Internet Security package incl firewall. I've run both adaware and spybot,
    > | both in safe mode and normal mode, and i've turned off system restore while i
    > | was doing all those things. The new Mcafee package picked up a trojan and
    > | deleted it but after all of the above the problem still persists.
    > |
    > | Any advice please?
    >
    > What are versions of Ad-aware and SpyBot S&D ?
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "BrundleFly" <BrundleFly@discussions.microsoft.com>

    | Hi Dave,
    | I'm not sure as it is on my computer at home and i'm at work, i'll check
    | later and get back to you.
    |
    | But i only downloaded them a couple of days ago and i updated them yesterday
    | aswell so should be the latest versions.

    OK. Just wanted to make sure as many still use Ad-aware6 and earlier versions of SpyBot S&D
    than v1.3.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Malke,
    I've those forum links you gave me, they don't seem to be sending me the
    activation e-mail though. I've posted my HijackThis log below in case you or
    anyone else can help me fix it. Thanks.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\popuper.exe
    C:\WINDOWS\system32\intmonp.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.qfind.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://www.qfind.net/search.php?qq=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://qfind.net/bar/index.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.qfind.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://www.qfind.net/search.php?qq=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://www.qfind.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://www.qfind.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.blueyonder.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
    Explorer Provided by blueyonder
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -
    c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} -
    c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
    c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe
    /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
    /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program
    Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
    Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper -
    {F5D4D416-51D9-45E7-BD9D-D1255026AD5E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
    {F5D4D416-51D9-45E7-BD9D-D1255026AD5E} - (no file) (HKCU)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
    System Class) -
    http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111406129308
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
    http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cancerbacup.org
    O17 - HKLM\Software\..\Telephony: DomainName = cancerbacup.org
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cancerbacup.org
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,
    Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
    McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
    Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. -
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


    "Malke" wrote:

    > BrundleFly wrote:
    >
    > > Hi,
    > > My system has developed a prolem. Unwanted ads keep popping up for
    > > all
    > > sorts of trash, even when i'm not online. After i've closed the ads
    > > they
    > > occasionally leave icons on my desktop. Also my desktop went blue
    > > with a security warning in the middle about trojans & spyware on the
    > > system telling
    > > me to install a program called security iguard (which i didn't). I've
    > > managed to get rid of this (although i still can't get it to change
    > > from blue) but now a flashing icon appears on the desktop toolbar with
    > > messages about how my system is infected and telling me to install one
    > > security program or another.
    > >
    > > I'm on XP professional and when this started i only had the windows
    > > standard
    > > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > > Internet Security package incl firewall. I've run both adaware and
    > > spybot, both in safe mode and normal mode, and i've turned off system
    > > restore while i
    > > was doing all those things. The new Mcafee package picked up a trojan
    > > and deleted it but after all of the above the problem still persists.
    > >
    > > Any advice please?
    >
    > If you are still getting popups, then your system is still infected.
    > Since you've already run Ad-aware and Spybot (presumably the latest
    > versions with updated definitions) in Safe Mode, move on to HijackThis
    > and post your log at one of the HijackThis forums (not here, please).
    > Here is information about HijackThis:
    >
    > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    > Eshelman
    > http://aumha.net - forums
    > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    > forum
    > http://www.wilderssecurity.com/
    > http://forums.tomcoyote.org/
    > http://www.spywareinfo.com/forums/
    >
    > Malke
    > --
    > MS-MVP Windows User/Shell
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic"
    >
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Brundle,
    My friend had this trojan a couple of weeks ago and this is how I
    helped him to get rid of the Trojan-spy.HTML -->
    http://elamb.blogharbor.com/hacked/removesmithfraud.htm

    More on computer Security:
    elamb.org


    BrundleFly wrote:
    > Hi Malke,
    > I've those forum links you gave me, they don't seem to be sending me
    the
    > activation e-mail though. I've posted my HijackThis log below in
    case you or
    > anyone else can help me fix it. Thanks.
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    > C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    > C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    > c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\WINDOWS\system32\msole32.exe
    > C:\WINDOWS\popuper.exe
    > C:\WINDOWS\system32\intmonp.exe
    > C:\WINDOWS\System32\hkcmd.exe
    > C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    > C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    > C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    > C:\WINDOWS\system32\wuauclt.exe
    > C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    > C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    > C:\WINDOWS\system32\ctfmon.exe
    > C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    > C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    > C:\Program Files\WinZip\WZQKPICK.EXE
    > C:\Program Files\blueyonder IST\bin\mpbtn.exe
    > C:\Documents and Settings\Administrator\Local
    Settings\Temp\HijackThis.exe
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
    =
    > http://www.qfind.net/
    > R1 - HKCU\Software\Microsoft\Internet
    Explorer\Main,Default_Search_URL =
    > http://www.qfind.net/search.php?qq=%s
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://www.google.co.uk/
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > http://qfind.net/bar/index.html
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://www.qfind.net/
    > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    > http://www.qfind.net/search.php?qq=%s
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    > http://www.qfind.net/
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    > http://www.qfind.net/
    > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    > http://www.blueyonder.co.uk/
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Internet
    > Explorer Provided by blueyonder
    > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings,ProxyOverride = 127.0.0.1
    > O2 - BHO: AcroIEHlprObj Class -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    > O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
    -
    > c:\program files\mcafee.com\mps\mcbrhlpr.dll
    > O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22}
    -
    > c:\program files\mcafee.com\mps\popupkiller.dll
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    > O3 - Toolbar: McAfee VirusScan -
    {BA52B914-B692-46c4-B683-905236F6F655} -
    > c:\progra~1\mcafee.com\vso\mcvsshl.dll
    > O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    > O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    > O4 - HKLM\..\Run: [MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    > O4 - HKLM\..\Run: [MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    > O4 - HKLM\..\Run: [MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    > O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    /embedding
    > O4 - HKLM\..\Run: [MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    > O4 - HKLM\..\Run: [MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe
    > /startup
    > O4 - HKLM\..\Run: [VSOCheckTask]
    "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
    > /checktask
    > O4 - HKLM\..\Run: [VirusScan Online]
    "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    > O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    > O4 - HKCU\..\Run: [MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    > O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    > Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    > O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program

    > Files\blueyonder IST\bin\matcli.exe
    > O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
    > Files\WinZip\WZQKPICK.EXE
    > O8 - Extra context menu item: E&xport to Microsoft Excel -
    > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}
    -
    > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    -
    > C:\Program Files\Messenger\msmsgs.exe
    > O9 - Extra 'Tools' menuitem: Windows Messenger -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    > O9 - Extra button: Microsoft AntiSpyware helper -
    > {F5D4D416-51D9-45E7-BD9D-D1255026AD5E} - (no file) (HKCU)
    > O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
    > {F5D4D416-51D9-45E7-BD9D-D1255026AD5E} - (no file) (HKCU)
    > O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com
    Operating
    > System Class) -
    >
    http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    > O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
    Class) -
    >
    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111406129308
    > O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr
    Class) -
    >
    http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    > O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    cancerbacup.org
    > O17 - HKLM\Software\..\Telephony: DomainName = cancerbacup.org
    > O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
    cancerbacup.org
    > O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    > O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
    > c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    > O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
    McAfee,
    > Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    > O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte)
    -
    > McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    > O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

    > Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    > O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. -
    > C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    >
    >
    >
    >
    >
    > "Malke" wrote:
    >
    > > BrundleFly wrote:
    > >
    > > > Hi,
    > > > My system has developed a prolem. Unwanted ads keep popping up
    for
    > > > all
    > > > sorts of trash, even when i'm not online. After i've closed the
    ads
    > > > they
    > > > occasionally leave icons on my desktop. Also my desktop went
    blue
    > > > with a security warning in the middle about trojans & spyware on
    the
    > > > system telling
    > > > me to install a program called security iguard (which i didn't).
    I've
    > > > managed to get rid of this (although i still can't get it to
    change
    > > > from blue) but now a flashing icon appears on the desktop toolbar
    with
    > > > messages about how my system is infected and telling me to
    install one
    > > > security program or another.
    > > >
    > > > I'm on XP professional and when this started i only had the
    windows
    > > > standard
    > > > firewall and McAfee Virus scan. I've now upgraded to the full
    McAfee
    > > > Internet Security package incl firewall. I've run both adaware
    and
    > > > spybot, both in safe mode and normal mode, and i've turned off
    system
    > > > restore while i
    > > > was doing all those things. The new Mcafee package picked up a
    trojan
    > > > and deleted it but after all of the above the problem still
    persists.
    > > >
    > > > Any advice please?
    > >
    > > If you are still getting popups, then your system is still
    infected.
    > > Since you've already run Ad-aware and Spybot (presumably the latest
    > > versions with updated definitions) in Safe Mode, move on to
    HijackThis
    > > and post your log at one of the HijackThis forums (not here,
    please).
    > > Here is information about HijackThis:
    > >
    > > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    > > Eshelman
    > > http://aumha.net - forums
    > > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior
    HijackThis
    > > forum
    > > http://www.wilderssecurity.com/
    > > http://forums.tomcoyote.org/
    > > http://www.spywareinfo.com/forums/
    > >
    > > Malke
    > > --
    > > MS-MVP Windows User/Shell
    > > Elephant Boy Computers
    > > www.elephantboycomputers.com
    > > "Don't Panic"
    > >
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Daz,
    I've now got my system sorted, thanks to the advice from Malke and
    especially the guys at the forum he directed me to. Here's a link to the
    thread to see how it worked but start your own and they'll tell you exactly
    what files to remove etc.

    http://aumha.net/viewtopic.php?p=81593#81593


    "DazandBella" wrote:

    > Hi
    >
    > Yes I've run Spybot and Adaware (many times) - to be honest the pop up boxes
    > aren't too bad (ie not that may) - its the fact that the desktop has been
    > taken over and my own desktop picture has been shoved out of the way. Let me
    > know how you get on with your solution and I'll have a look at HijackThis
    > also.
    >
    > Cheers
    >
    > Daz
    >
    > "BrundleFly" wrote:
    >
    > > Hi,
    > > If you haven't already, run ad-aware & spybot. if they still don't work, as
    > > they didn't for me, see Malke's reponse above. I haven't tried it yet
    > > because he only posted it a few minutes ago. I'll be trying it when i get
    > > home so i'll let you know tomorrow if it's successful. If it's not, i think
    > > i'm just going to format the hard disk which you could also do if you're
    > > prepared to back-up or lose everything on there for the peace of mind of a
    > > clean system.
    > >
    > > Are you getting ad pop-ups coming up aswell by the way? Let me know if you
    > > find a way to fix the problem as it's driving me crazy now!
    > >
    > > Good luck!
    > >
    > > "DazandBella" wrote:
    > >
    > > > Hi
    > > >
    > > > Was interested in your problem and in particular whether you found a
    > > > solution - I too have had something 'infect' my system (running on Windows
    > > > XP) which has taken over by desktop - first of all it went blue and now it
    > > > changes colour occasionally!! - did you find a solution and, if so, what was
    > > > it ?
    > > >
    > > > Thanks
    > > >
    > > > "BrundleFly" wrote:
    > > >
    > > > > Hi,
    > > > > My system has developed a prolem. Unwanted ads keep popping up for all
    > > > > sorts of trash, even when i'm not online. After i've closed the ads they
    > > > > occasionally leave icons on my desktop. Also my desktop went blue with a
    > > > > security warning in the middle about trojans & spyware on the system telling
    > > > > me to install a program called security iguard (which i didn't). I've
    > > > > managed to get rid of this (although i still can't get it to change from
    > > > > blue) but now a flashing icon appears on the desktop toolbar with messages
    > > > > about how my system is infected and telling me to install one security
    > > > > program or another.
    > > > >
    > > > > I'm on XP professional and when this started i only had the windows standard
    > > > > firewall and McAfee Virus scan. I've now upgraded to the full McAfee
    > > > > Internet Security package incl firewall. I've run both adaware and spybot,
    > > > > both in safe mode and normal mode, and i've turned off system restore while i
    > > > > was doing all those things. The new Mcafee package picked up a trojan and
    > > > > deleted it but after all of the above the problem still persists.
    > > > >
    > > > > Any advice please?
    > > > >
Ask a new question

Read More

Security Desktops Windows XP